Details of workshop #2 :
We will be covering
CSRF
Blind SQL Injection
How to turn SQL injection into owning the box outright
If anyone has anything else they'd like to look at, say so
You will need the following equipment and software
A portable computer which can access the space's wireless network
Firefox
The Sun/Oracle Java Runtime Environment (JRE)
Burp Suite ( pro or demo version from http://portswigger.net/ )
Netcat (easy to use) or socat (a bit of a pain, but awesomely powerful)
All of these tools will run on Mac/Windows/Linux/BSD, take your pick
The following skills
A basic understanding of Stored and Reflected XSS
A basic understanding of SQL Injection
A little practice of using Burp Suite
A vague understanding of HTTP
If you do not have these skills, a quick rerun of workshop #1 will be
running form 1030-1230
For this you will just need:
Firefox
The Sun/Oracle Java Runtime Environment (JRE)
A portable computer which can access the space's wireless network
General computer literacy and half a brain
TO BE ON TIME! *
* Last time some people arrived late and after a point I just didnt
have time help them get setup and to troubleshoot their laptops.
If anyone attempts to pay me this time around, I'll be taking your
cash and putting it towards some good whiskey. Instead id recommend
donating it to the space or becoming a member
Best,
Renski
What do you mean you need a refresher? You should be doing this every other day!
Renski
-adrian